Cyber security: How to secure your business before it’s too late

Jonathan Sharp, CEO at Britannic Technologies, shares cyber security tips for small businesses.

This year cyber crime has been like a tsunami, taking down several well-known enterprises, costing companies billions, forcing them to reduce staff and putting some suppliers out of business. Cyber crime is now a national emergency, and the National Cyber Security Centre (NCSC) and the National Crime Agency have announced that they cannot fight cyber crime alone.

This places the onus on businesses and organisations to secure their systems and data, and to prioritise cyber security as a critical agenda item that should be embedded into every decision they make.

Thinking and operating differently

To combat cyber security challenges, we must change the way we think and operate online and with technology. We need to be agile, flexible, and open-minded about learning new methods of operating and working, and we can never sit still. It has been suggested that supply models such as ‘Just in Time’ may have to change to leaner models because, if a company is hacked, the disruption to the supply chain is massive, leaving the company unable to get stock.

Act before and not after

Companies and organisations need to secure their technology, people and processes from cyber crime before it happens by implementing a secure IT network and a business continuity strategy. That way they can act either before a cyber-attack happens or immediately when it does, continuing with business as usual without facing massive consequences.

Top tips for how business can secure against cyber crime

Cyber security is not an optional spend for businesses; it is now a critical matter of survival, protecting your business, people and reputation from a cyber breach. It is no longer the sole remit of the IT department; everyone in the company, from the CEO down, should be accountable for cyber security. Security needs to be embedded into the culture of the company and, to ensure it is, employees should be educated on cyber security.

Education and awareness

Human error accounts for a staggering 95% of cyber-related incidents (Mimecast 2025), so employees must be trained regularly on cyber security. This can be done through workshops, courses and phishing simulations, where companies send employees fake but realistic phishing emails to test their ability to recognise threats and how they respond to them. Training should teach employees not to click on suspicious links, not to enter passwords in response to phishing emails and messages, and to avoid weak passwords and poor security hygiene overall.

It is vital to build a culture where employees feel compelled but comfortable to report any suspicious activity.

Robust passwords

The easiest way for cyber criminals to hack into your network is through weak or repeated passwords. Enforce a rule that all employees must use complex and unique passwords, with a combination of upper and lower case letters, numbers and symbols, to keep out the cyber criminals. Provide a password manager on your systems so that employees do not have to remember passwords, which also enhances security.

Multi factor authentication (MFA)

For an additional security layer, incorporate multi factor authentication (MFA) as a second verification step. This could be a code that is sent to the employee’s mobile phone or generated by an authenticator application. Research from Microsoft shows that MFA can block more than 99.2% of cyber-attacks.

Secure devices

It is also critical not to leave work devices unattended in a public place, or to use a public Wi-Fi connection. In the office, employees should ensure that screen locks are activated. Protect all devices with encryption and the ability to wipe data if they are lost or stolen. If employees use their personal devices for work, then put a robust BYOD policy in place.

Secure Wi-Fi networks

The Office for National Statistics reported that over a quarter of the UK workforce were hybrid working at the start of 2025, and with the rise in cyber crime a secure network is vital. Remote and hybrid workers should use a Virtual Private Network (VPN) so that they can connect securely, making it harder for hackers. Without a VPN you are exposing yourself to an attack.

Update software and devices

If your software and devices are not kept up to date, cyber criminals will detect weaknesses in aged, unpatched systems and devices. Businesses should run strict patch management policies, turn on automatic updates and implement reputable anti-malware and anti-virus software.

Business continuity plan

Back up your data and follow the 3-2-1 rule, where you have three copies of your data, stored on two different types of storage, one online and the other off-site. Test your backups regularly to ensure they can be restored and recovered should a disaster occur. A cyber security plan is evolutionary and requires constant updating, maintenance, and adaptation.

AI for good

Invest in layered security with perimeters, secure endpoints and AI monitoring that can detect threats and anomalies in real time, so that they can be actioned before an attack happens, protecting employees and customers.

AI can be used to detect deepfakes, which criminals use in social engineering. Deploying a solution that identifies these irregularities can prevent a cyberattack in advance. Employees must also be trained to spot these in links, emails and so on.

Building trust

Customers, suppliers and partners want to do business with a company that is secure and resilient, one that they can trust to look after their data and their affairs. This is also a legal requirement under GDPR and directors’ fiduciary duty. Solutions such as call and messaging branding build trust because customers can see that the call or text message is from a reputable business that they deal with and not a scammer.

It is also paramount to hold up-to-date security certifications such as ISO 27001 and Cyber Essentials Plus to build trust with all stakeholders.

Stakeholder chain

The supply chain and customer environments are often among the weakest links in cyber resilience. It is critical to perform rigorous audits and ongoing compliance monitoring to ensure they are safe and do not expose your business to a cyber-attack.

Protect yourselves

Beating cyber crime requires collaboration between education institutions, parents, the government and businesses, which will take time. But you don’t have time, so it is up to you to protect your business from a cyberattack by ensuring you have the latest AI real-time cyber security network and solutions in place to protect your business, people and technology.

Don’t be a victim of cyber crime: act now, before it’s too late for your business and your reputation. Some recover but some don’t!